
Use more compact encoding of Montgomery curve constants
Base 256 beats base 16.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
mpg authored and yanesca committed Jun 25, 2021
1 parent 10b8e5a commit ae48111
Showing 1 changed file with 24 additions and 6 deletions.
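--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -685,6 +685,13 @@ static int ecp_mod_p256k1( mbedtls_mpi * );
 #endif /* ECP_LOAD_GROUP */
 
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+/* Constants used by ecp_use_curve25519() */
+static const unsigned char curve25519_a24[] = { 0x01, 0xDB, 0x42 };
+static const unsigned char curve25519_part_of_n[] = {
+0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
+0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED,
+};
+
 /*
 * Specialized function for creating the Curve25519 group
 */
@@ -693,7 +700,8 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 /* Actually ( A + 2 ) / 4 */
-MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) );
+MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->A,
+curve25519_a24, sizeof( curve25519_a24 ) ) );
 
 /* P = 2^255 - 19 */
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
@@ -702,8 +710,8 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
 
 /* N = 2^252 + 27742317777372353535851937790883648493 */
-MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
-"14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
+MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N,
+curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
 
 /* Y intentionally not set, since we use x/z coordinates.
@@ -746,6 +754,15 @@ const mbedtls_mpi mbedtls_ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+/* Constants used by ecp_use_curve448() */
+static const unsigned char curve448_a24[] = { 0x98, 0xAA };
+static const unsigned char curve448_part_of_n[] = {
+0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24,
+0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93,
+0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC,
+0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D,
+};
+
 /*
 * Specialized function for creating the Curve448 group
 */
@@ -757,7 +774,8 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
 mbedtls_mpi_init( &Ns );
 
 /* Actually ( A + 2 ) / 4 */
-MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
+MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->A,
+curve448_a24, sizeof( curve448_a24 ) ) );
 
 /* P = 2^448 - 2^224 - 1 */
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
@@ -775,8 +793,8 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
 
 /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
-MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
-"8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
+MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns,
+curve448_part_of_n, sizeof( curve448_part_of_n ) ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
 
 /* Actually, the required msb for private keys */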
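Review bot: The new constant arrays in the first and fourth hunks are documented only as "Constants used by ecp_use_curve25519()" / "ecp_use_curve448()", so a reader has to go to the call sites to learn that the two `*_part_of_n` arrays contribute with opposite signs: `curve25519_part_of_n` is combined with `mbedtls_mpi_set_bit( &grp->N, 252, 1 )` to form N = 2^252 + c, while `curve448_part_of_n` is loaded into `Ns` and then subtracted from 2^446. Since these are the curve parameters that everything above them trusts, the definition site should say what each byte string is and how it is consumed; I would replace the one-line header with comments such as `/* (A + 2) / 4, big-endian bytes for mbedtls_mpi_read_binary() */` on each `*_a24` array and `/* N - 2^252: the low part of the group order, added to the 2^252 bit set in ecp_use_curve25519() */` and `/* 2^446 - N: subtracted from 2^446 in ecp_use_curve448() */` on the respective `*_part_of_n` arrays. The names themselves (`part_of_n` for both an addend and a subtrahend) are a minor style point that such comments would resolve without a rename. The bodies of ecp_use_curve25519() and ecp_use_curve448() continue outside these hunks.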
